ACS 5.5 MAB configuration, authenticate Computer

Hello Community,

I am using Cisco ACS 5.5. I have a short question.

When I want to authenticate a normal computer with its MAC address, do I only have to add the MAC address under Identity Stores "Hosts"?

When I do that, I see in Reporting that the computer wants to authenticate with CHAP/MD5 and wants a username (MAC address without dashes, like: 0045c35b1ef0).

Message: 22056 Subject not found in the applicable identity store(s).

When I add this username (MAC without dashes) with a password to the internal users identity store, the authentication works.

But is it possible that the computer authenticates only with lookup, so that I only have to add the computer's MAC address to the Hosts identity store?

How can I configure that?

Thanks

Regards

1 ACCEPTED SOLUTION

Accepted Solutions
hdussa
Beginner

Hi Sebastian,

the MAC must be in "Hosts".

Under "Access-Policies/Access Services/Allowed Protocols" you need to select "host lookup".

Horst

2 REPLIES
mohanak
Cisco Employee

Problem: 22056 Subject not found in the applicable identity store(s)

AD users do not get authenticated with ACS version 5.x and receive this error message: 22056 Subject not found in the applicable identity store(s).

Solution

This error message occurs when the ACS failed to find the user in the first listed database that is configured in the Identity store sequence. This is an informational message and does not affect the performance of the ACS. The way that ACS 5.x performs the authentication for internal or external users is different than the previous 4.x version. With the 5.x version, there is an option called Identity Store Sequence to define the sequence of user databases to be authenticated. For more information, refer to Configuring Identity Store Sequences.

If you receive this error when you are using the ACS to authenticate requests against a Child Domain, then you have to add a UPN suffix or NETBIOS prefix to the username. For more information, refer to the Notes in the Microsoft AD section.
